Diffstat (limited to 'phpBB/develop')
29 files changed, 231 insertions, 49 deletions
diff --git a/phpBB/develop/add_permissions.php b/phpBB/develop/add_permissions.php
index 035c23f49c..5d9af3cad5 100644
--- a/phpBB/develop/add_permissions.php
+++ b/phpBB/develop/add_permissions.php
@@ -413,5 +413,3 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting) unset($sql_ary); } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_avatars.php b/phpBB/develop/adjust_avatars.php
index 81599e694b..dc4ae88f37 100644
--- a/phpBB/develop/adjust_avatars.php
+++ b/phpBB/develop/adjust_avatars.php
@@ -143,5 +143,3 @@ function adjust_avatar($old_name, $midfix) } return false; } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_bbcodes.php b/phpBB/develop/adjust_bbcodes.php
index f06f0112ab..5a7f065d7f 100644
--- a/phpBB/develop/adjust_bbcodes.php
+++ b/phpBB/develop/adjust_bbcodes.php
@@ -170,5 +170,3 @@ $db->sql_freeresult($result); // Done $db->sql_close(); - -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_magic_urls.php b/phpBB/develop/adjust_magic_urls.php
index 1430a47a12..c417c755cf 100644
--- a/phpBB/develop/adjust_magic_urls.php
+++ b/phpBB/develop/adjust_magic_urls.php
@@ -122,5 +122,3 @@ $db->sql_freeresult($result); // Done $db->sql_close(); - -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_sizes.php b/phpBB/develop/adjust_sizes.php
index 7d72813056..9b58389163 100644
--- a/phpBB/develop/adjust_sizes.php
+++ b/phpBB/develop/adjust_sizes.php
@@ -128,5 +128,3 @@ $db->sql_freeresult($result); // Done $db->sql_close(); - -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_smilies.php b/phpBB/develop/adjust_smilies.php
index 774c8834f6..ecc3461670 100644
--- a/phpBB/develop/adjust_smilies.php
+++ b/phpBB/develop/adjust_smilies.php
@@ -126,5 +126,3 @@ $db->sql_freeresult($result); // Done $db->sql_close(); - -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_uids.php b/phpBB/develop/adjust_uids.php
index d301f3cadb..3468475b8f 100644
--- a/phpBB/develop/adjust_uids.php
+++ b/phpBB/develop/adjust_uids.php
@@ -126,4 +126,3 @@ $db->sql_freeresult($result); // Done $db->sql_close(); echo 'done'; -?>
\ No newline at end of file
diff --git a/phpBB/develop/adjust_usernames.php b/phpBB/develop/adjust_usernames.php
index 1afa77af16..111a9a30d7 100644
--- a/phpBB/develop/adjust_usernames.php
+++ b/phpBB/develop/adjust_usernames.php
@@ -48,5 +48,3 @@ echo 'FINISHED'; // Done $db->sql_close(); - -?>
\ No newline at end of file
diff --git a/phpBB/develop/benchmark.php b/phpBB/develop/benchmark.php
index 5bbe6f53be..c867b9262e 100644
--- a/phpBB/develop/benchmark.php
+++ b/phpBB/develop/benchmark.php
@@ -458,5 +458,3 @@ function make_user($username) } } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/calc_email_hash.php b/phpBB/develop/calc_email_hash.php
index a67b0f52a3..0f7540ee7d 100644
--- a/phpBB/develop/calc_email_hash.php
+++ b/phpBB/develop/calc_email_hash.php
@@ -72,5 +72,3 @@ do while ($start); echo "<p><b>Done</b></p>\n"; - -?>
\ No newline at end of file
diff --git a/phpBB/develop/change_smiley_ref.php b/phpBB/develop/change_smiley_ref.php
index db65dd52d4..23a26951bf 100644
--- a/phpBB/develop/change_smiley_ref.php
+++ b/phpBB/develop/change_smiley_ref.php
@@ -58,5 +58,3 @@ while ($row = $db->sql_fetchrow($result)) $db->sql_freeresult($result); echo "<p><b>Done</b></p>\n"; - -?>
\ No newline at end of file
diff --git a/phpBB/develop/check_flash_bbcodes.php b/phpBB/develop/check_flash_bbcodes.php
new file mode 100644
index 0000000000..b0fa399209
--- /dev/null
+++ b/phpBB/develop/check_flash_bbcodes.php
@@ -0,0 +1,163 @@ +<?php +/** +* +* @package phpBB3 +* @version $Id$ +* @copyright (c) 2009, 2010 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +* This script will check your database for potentially dangerous flash BBCode tags +*/ + +// +// Security message: +// +// This script is potentially dangerous. +// Remove or comment the next line (die(".... ) to enable this script. +// Do NOT FORGET to either remove this script or disable it after you have used it. +// +die("Please read the first lines of this script for instructions on how to enable it\n"); + +/** +*/ +define('IN_PHPBB', true); +$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './'; +$phpEx = substr(strrchr(__FILE__, '.'), 1); +include($phpbb_root_path . 'common.' . $phpEx); + +if (php_sapi_name() != 'cli') +{ + header('Content-Type: text/plain'); +} + +check_table_flash_bbcodes(POSTS_TABLE, 'post_id', 'post_text', 'bbcode_uid', 'bbcode_bitfield'); +check_table_flash_bbcodes(PRIVMSGS_TABLE, 'msg_id', 'message_text', 'bbcode_uid', 'bbcode_bitfield'); +check_table_flash_bbcodes(USERS_TABLE, 'user_id', 'user_sig', 'user_sig_bbcode_uid', 'user_sig_bbcode_bitfield'); +check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_desc', 'forum_desc_uid', 'forum_desc_bitfield'); +check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_rules', 'forum_rules_uid', 'forum_rules_bitfield'); +check_table_flash_bbcodes(GROUPS_TABLE, 'group_id', 'group_desc', 'group_desc_uid', 'group_desc_bitfield'); + +echo "If potentially dangerous flash bbcodes were found, please reparse the posts using the Support Toolkit (http://www.phpbb.com/support/stk/) and/or file a ticket in the Incident Tracker (http://www.phpbb.com/incidents/).\n"; + +function check_table_flash_bbcodes($table_name, $id_field, $content_field, $uid_field, $bitfield_field) +{ + echo "Checking $content_field on $table_name\n"; + + $ids = get_table_flash_bbcode_pkids($table_name, 
$id_field, $content_field, $uid_field, $bitfield_field); + + $size = sizeof($ids); + if ($size) + { + echo "Found $size potentially dangerous flash bbcodes.\n"; + echo "$id_field: " . implode(', ', $ids) . "\n"; + } + else + { + echo "No potentially dangerous flash bbcodes found.\n"; + } + + echo "\n"; +} + +function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field) +{ + global $db; + + $ids = array(); + + $sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field + FROM $table_name + WHERE $content_field LIKE '%[/flash:%' + AND $bitfield_field <> ''"; + + $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) + { + $uid = $row[$uid_field]; + + // thanks support toolkit + $content = html_entity_decode_utf8($row[$content_field]); + set_var($content, $content, 'string', true); + $content = utf8_normalize_nfc($content); + + $bitfield_data = $row[$bitfield_field]; + + if (!is_valid_flash_bbcode($content, $uid) && has_flash_enabled($bitfield_data)) + { + $ids[] = (int) $row[$id_field]; + } + } + $db->sql_freeresult($result); + + return $ids; +} + +function get_flash_regex($uid) +{ + return "#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#"; +} + +// extract all valid flash bbcodes +// check if the bbcode content is a valid URL for each match +function is_valid_flash_bbcode($cleaned_content, $uid) +{ + $regex = get_flash_regex($uid); + + $url_regex = get_preg_expression('url'); + $www_url_regex = get_preg_expression('www_url'); + + if (preg_match_all($regex, $cleaned_content, $matches)) + { + foreach ($matches[3] as $flash_url) + { + if (!preg_match("#^($url_regex|$www_url_regex)$#i", $flash_url)) + { + return false; + } + } + } + + return true; +} + +// check if a bitfield includes flash +// 11 = flash bit +function has_flash_enabled($bitfield_data) +{ + $bitfield = new bitfield($bitfield_data); + return $bitfield->get(11); +} + +// taken from support toolkit +function 
html_entity_decode_utf8($string) +{ + static $trans_tbl; + + // replace numeric entities + $string = preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf8(hexdec("\\1"))', $string); + $string = preg_replace('~&#([0-9]+);~e', 'code2utf8(\\1)', $string); + + // replace literal entities + if (!isset($trans_tbl)) + { + $trans_tbl = array(); + + foreach (get_html_translation_table(HTML_ENTITIES) as $val=>$key) + $trans_tbl[$key] = utf8_encode($val); + } + return strtr($string, $trans_tbl); +} + +// taken from support toolkit +// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv) +function code2utf8($num) +{ + if ($num < 128) return chr($num); + if ($num < 2048) return chr(($num >> 6) + 192) . chr(($num & 63) + 128); + if ($num < 65536) return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); + if ($num < 2097152) return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); + return ''; +} diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php index 4fb7b0d8f7..c0ec876397 100644 --- a/phpBB/develop/create_schema_files.php +++ b/phpBB/develop/create_schema_files.php @@ -2047,5 +2047,3 @@ EOF; } echo 'done'; - -?>
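Review bot: `html_entity_decode_utf8` (last function group of this hunk, before `code2utf8`) decodes numeric entities with the `e` modifier — `preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf8(hexdec("\\1"))', $string)` and the decimal variant on the next line — which evaluates the replacement string as PHP against content read straight out of the posts, private-message, signature and forum-description columns; the capture groups are limited to digits so the exposure is contained here, but `e` is the classic evaluation footgun (deprecated in PHP 5.5, removed in 7.0) and `preg_replace_callback` with a named callback gives the same result without any evaluation. Two smaller points in the same hunk: `get_flash_regex` interpolates the stored `$uid` into the pattern without `preg_quote($uid, '#')`, so a tampered uid column could change the pattern's meaning, and the URL whitelist in `is_valid_flash_bbcode` anchors with `$`, which still matches before a trailing newline — `\z` (or the `D` modifier) is the stricter anchor for a validation check. The fence below shows the callback form; the literal-entity table and the `strtr` call are unchanged.
```php
function html_entity_decode_utf8($string)
{
	static $trans_tbl;

	// replace numeric entities without the e modifier: the callbacks receive
	// the match array instead of having the replacement evaluated as PHP
	$string = preg_replace_callback('~&#x([0-9a-f]+);~i', 'code2utf8_from_hex', $string);
	$string = preg_replace_callback('~&#([0-9]+);~', 'code2utf8_from_dec', $string);

	// … unchanged: literal entity translation table and strtr() …
}

// preg_replace_callback helper: hex numeric entity -> UTF-8 bytes
function code2utf8_from_hex($match)
{
	return code2utf8(hexdec($match[1]));
}

// preg_replace_callback helper: decimal numeric entity -> UTF-8 bytes
function code2utf8_from_dec($match)
{
	return code2utf8((int) $match[1]);
}
```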
\ No newline at end of file
diff --git a/phpBB/develop/create_variable_overview.php b/phpBB/develop/create_variable_overview.php
index 3782f53e4c..d2b7193df9 100644
--- a/phpBB/develop/create_variable_overview.php
+++ b/phpBB/develop/create_variable_overview.php
@@ -543,5 +543,3 @@ fclose($fp); echo '<br>Finished!'; flush(); - -?>
\ No newline at end of file
diff --git a/phpBB/develop/fill.php b/phpBB/develop/fill.php
index 336e510d06..c9824e88e5 100644
--- a/phpBB/develop/fill.php
+++ b/phpBB/develop/fill.php
@@ -186,5 +186,3 @@ function rndm_username() return $usernames[array_rand($usernames)]; } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/generate_utf_casefold.php b/phpBB/develop/generate_utf_casefold.php
index 89c4aec01a..4f764ca471 100644
--- a/phpBB/develop/generate_utf_casefold.php
+++ b/phpBB/develop/generate_utf_casefold.php
@@ -152,5 +152,3 @@ function download($url) echo "\n"; } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/generate_utf_confusables.php b/phpBB/develop/generate_utf_confusables.php
index 0ffa9720c9..bc88e67ba9 100644
--- a/phpBB/develop/generate_utf_confusables.php
+++ b/phpBB/develop/generate_utf_confusables.php
@@ -240,5 +240,3 @@ function download($url) echo "\n"; } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/generate_utf_tables.php b/phpBB/develop/generate_utf_tables.php
index 3d5188163d..dbef125803 100644
--- a/phpBB/develop/generate_utf_tables.php
+++ b/phpBB/develop/generate_utf_tables.php
@@ -569,4 +569,4 @@ function cp_to_utf($cp) { return chr($cp); } -}
\ No newline at end of file
+}
diff --git a/phpBB/develop/lang_duplicates.php b/phpBB/develop/lang_duplicates.php
index 5be48f69f0..3ea841b6d6 100644
--- a/phpBB/develop/lang_duplicates.php
+++ b/phpBB/develop/lang_duplicates.php
@@ -137,4 +137,4 @@ function find_modules($dirname) ?> </body> -</html>
\ No newline at end of file
+</html>
diff --git a/phpBB/develop/merge_attachment_tables.php b/phpBB/develop/merge_attachment_tables.php
index ae7fe57be4..aa6be0a26e 100644
--- a/phpBB/develop/merge_attachment_tables.php
+++ b/phpBB/develop/merge_attachment_tables.php
@@ -76,5 +76,3 @@ $db->sql_query($sql); //$db->sql_query("DROP TABLE {$table_prefix}attach_temp"); echo "<p><b>Done</b></p>\n"; - -?>
\ No newline at end of file
diff --git a/phpBB/develop/merge_post_tables.php b/phpBB/develop/merge_post_tables.php
index 3567a569c6..e7e22409a5 100644
--- a/phpBB/develop/merge_post_tables.php
+++ b/phpBB/develop/merge_post_tables.php
@@ -205,5 +205,3 @@ foreach ($sql_ary as $sql) } echo "<p><b>Done</b></p>\n"; - -?>
\ No newline at end of file
diff --git a/phpBB/develop/mysql_upgrader.php b/phpBB/develop/mysql_upgrader.php
index 85da1dfa47..f61aa2e4f0 100644
--- a/phpBB/develop/mysql_upgrader.php
+++ b/phpBB/develop/mysql_upgrader.php
@@ -1398,5 +1398,3 @@ function get_schema_struct() return $schema_data; } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/nuke-db.php b/phpBB/develop/nuke-db.php
index d7329c3f56..e1f64a6177 100644
--- a/phpBB/develop/nuke-db.php
+++ b/phpBB/develop/nuke-db.php
@@ -54,5 +54,3 @@ else flush(); } } -?> -
diff --git a/phpBB/develop/regex.php b/phpBB/develop/regex.php
index 8165ba1f21..46b6fff701 100644
--- a/phpBB/develop/regex.php
+++ b/phpBB/develop/regex.php
@@ -80,5 +80,3 @@ echo 'www.URL: ' . $www_url . "<br />\n"; // no schema and no authority $relative_url = "$segment$path_abempty(?:\?$query)?(?:\#$fragment)?"; echo 'relative URL: ' . $relative_url . "<br />\n"; - -?>
\ No newline at end of file diff --git a/phpBB/develop/remove-php-end-tags.py b/phpBB/develop/remove-php-end-tags.py new file mode 100755 index 0000000000..1707c6d519 --- /dev/null +++ b/phpBB/develop/remove-php-end-tags.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python +# Remove ending PHP tags '?>' +# @author Oleg Pudeyev +# @license http://opensource.org/licenses/gpl-license.php GNU Public License + +import sys, os, os.path, optparse + +def error(message, code): + print >>sys.stderr, message + exit(code) + + +parser = optparse.OptionParser() +parser.add_option('-a', '--aggressive', help='Remove ending tags when they are followed by whitespace', action='store_true') +options, args = parser.parse_args() + +if len(args) != 1: + parser.usage() + error("Usage: remove-php-end-tags path", 2) + +path = args[0] + +if not os.path.exists(path): + error("Path does not exist: %s" % path, 3) + +if options.aggressive: + import re + + fix_re = re.compile(r'\s*\?>\s*$') + def fix_content(content): + content = fix_re.sub(r'\n', content) + return content +else: + def fix_content(content): + if content.endswith('?>'): + content = content[:-2].strip() + "\n" + return content + +def process_file(path): + f = open(path) + try: + content = f.read() + finally: + f.close() + fixed_content = fix_content(content) + if content != fixed_content: + f = open(path, 'w') + try: + f.write(fixed_content) + finally: + f.close() + +def process_dir(path): + for root, dirs, files in os.walk(path): + if '.svn' in dirs: + dirs.remove('.svn') + for file in files: + if file.endswith('.php'): + path = os.path.join(root, file) + process_file(path) + +if os.path.isdir(path): + process_dir(path) +else: + process_file(path) diff --git a/phpBB/develop/repair_bots.php b/phpBB/develop/repair_bots.php index c5aaa75d9b..790d3d9f2f 100644 --- a/phpBB/develop/repair_bots.php +++ b/phpBB/develop/repair_bots.php @@ -147,5 +147,3 @@ function add_bots($bots) } } } - -?>
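Review bot: `parser.usage()` in the argument-count check raises `TypeError` instead of showing help, because `OptionParser.usage` is the usage string attribute, not a method; the intended call is `parser.print_usage()`, or the two lines can collapse into `parser.error("Usage: remove-php-end-tags path")`, which prints usage and exits with status 2 on its own. Separately, the non-aggressive `fix_content` only strips a tag that is the final two bytes of the file, so a file ending in `?>` plus a newline is left untouched unless `--aggressive` is given; if that is intended it deserves a comment such as `# only a bare trailing '?>' is removed; use --aggressive for '?>' followed by whitespace`. `process_dir` also rebinds its `path` parameter inside the loop, which is harmless but reads like a bug — a distinct name such as `full_path` would be clearer.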
\ No newline at end of file
diff --git a/phpBB/develop/unicode_testing.php b/phpBB/develop/unicode_testing.php
index 25a13d1325..ec3c71d078 100644
--- a/phpBB/develop/unicode_testing.php
+++ b/phpBB/develop/unicode_testing.php
@@ -116,5 +116,3 @@ function utf8_normalize_nfkc($strings) return $strings; } - -?>
\ No newline at end of file
diff --git a/phpBB/develop/update_email_hash.php b/phpBB/develop/update_email_hash.php
index 80fd4bbc17..57aebe3ca0 100644
--- a/phpBB/develop/update_email_hash.php
+++ b/phpBB/develop/update_email_hash.php
@@ -54,4 +54,3 @@ echo 'FINISHED'; // Done $db->sql_close(); -?>
\ No newline at end of file
diff --git a/phpBB/develop/utf_normalizer_test.php b/phpBB/develop/utf_normalizer_test.php
index 7705cd6851..463a274f66 100644
--- a/phpBB/develop/utf_normalizer_test.php
+++ b/phpBB/develop/utf_normalizer_test.php
@@ -388,4 +388,4 @@ function cp_to_utf($cp) { return chr($cp); } -}
\ No newline at end of file
+}
|
